Rrch@chromium.org* Change logic of SpdySession::VerifyDomainAuthentication to
| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Added EV policy OID and root sha1 fingerprint for GlobalSign Root CA - R3 BUG=58437 TEST=go to <https://2029.globalsign.com> and verify the EV status Unit Test (This test has been DISABLED because it fails when "./netunittests" is run, though it passes individually.): "net_unittests --gtest_filter=X509CertificateTest.GlobalSignR3EVTest" Review URL: http://codereview.chromium.org/7037031 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86632 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
* Change logic of SpdySession::VerifyDomainAuthentication to permit connection pooling of hosts with the same etld when TLS channel ID is used. * Add tests for SpdySession::VerifyDomainAuthentication * Add a new certificate for testing SpdySession::VerifyDomainAuthentication BUG= Review URL: https://chromiumcodereview.appspot.com/10916275 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156461 0039d316-1c4b-4281-b951-d872f2087c98 | 13 年前 | |
net: fix a couple of broken certificate tests. BUG=111893 TEST=net_unittests Review URL: https://chromiumcodereview.appspot.com/10790129 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@148192 0039d316-1c4b-4281-b951-d872f2087c98 | 13 年前 | |
Add a PKCS#12 file with a certificate but no private key This is needed for a unit test used in a separate CL. (http://codereview.chromium.org/7466006) Written by Gaurav Shah <gauravsh@chromium.org>. Original review URL: http://codereview.chromium.org/7539008/ R=wtc@chromium.org BUG=chromium-os:15838 TEST=none Review URL: http://codereview.chromium.org/7466044 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@95248 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add test PKCS12 datafile. BUG=19991 TEST=none Review URL: http://codereview.chromium.org/3050037 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@55118 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
net: allow EV indication on Windows when the local OCSP/CRL cache is stale. BUG=116984 TEST=On a Windows machine, run certutil -urlcache * delete on the command line. Then start Chrome and ensure that https://www.paypal.com shows a green EV indication in the URL bar. Review URL: http://codereview.chromium.org/9619007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@125468 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
net: update public key block for the correct Cyber CA certs. Thanks to nahi on Twitter for pointing out that I had the wrong certificate for DigiNotar's Cyber CA and thus blocked the wrong public key. According to the audit report, this isn't panic-worthy as the misissued certs off this intermediate have expired. BUG=96252 TEST=net_unittests Review URL: http://codereview.chromium.org/7865027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100852 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
net: update public key block for the correct Cyber CA certs. Thanks to nahi on Twitter for pointing out that I had the wrong certificate for DigiNotar's Cyber CA and thus blocked the wrong public key. According to the audit report, this isn't panic-worthy as the misissued certs off this intermediate have expired. BUG=96252 TEST=net_unittests Review URL: http://codereview.chromium.org/7865027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100852 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
net: update public key block for the correct Cyber CA certs. Thanks to nahi on Twitter for pointing out that I had the wrong certificate for DigiNotar's Cyber CA and thus blocked the wrong public key. According to the audit report, this isn't panic-worthy as the misissued certs off this intermediate have expired. BUG=96252 TEST=net_unittests Review URL: http://codereview.chromium.org/7865027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100852 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Fix a benign off-by-one error of kNumSerials in IsBlacklisted. Remove duplicate certificate data in google_diginotar.pem and diginotar_public_ca_2025.pem. R=agl@chromium.org BUG=94673 TEST=none Review URL: http://codereview.chromium.org/7792077 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@99494 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
net: update public key block for the correct Cyber CA certs. Thanks to nahi on Twitter for pointing out that I had the wrong certificate for DigiNotar's Cyber CA and thus blocked the wrong public key. According to the audit report, this isn't panic-worthy as the misissued certs off this intermediate have expired. BUG=96252 TEST=net_unittests Review URL: http://codereview.chromium.org/7865027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100852 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
net: update public key block for the correct Cyber CA certs. Thanks to nahi on Twitter for pointing out that I had the wrong certificate for DigiNotar's Cyber CA and thus blocked the wrong public key. According to the audit report, this isn't panic-worthy as the misissued certs off this intermediate have expired. BUG=96252 TEST=net_unittests Review URL: http://codereview.chromium.org/7865027 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@100852 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add SSL test certificate data: dod_ca_13_cert.der (For http://codereview.chromium.org/3106028/show) BUG=19991 TEST=none TBR=wtc Review URL: http://codereview.chromium.org/3214010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@57937 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add a certificate chain to be used by a new unit test. R=eroman BUG=31497 TEST=none Review URL: http://codereview.chromium.org/1069001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41900 0039d316-1c4b-4281-b951-d872f2087c98 | 16 年前 | |
Add a certificate chain to be used by a new unit test. R=eroman BUG=31497 TEST=none Review URL: http://codereview.chromium.org/1069001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41900 0039d316-1c4b-4281-b951-d872f2087c98 | 16 年前 | |
Add the empty_subject_cert.der certificate for the upcoming X509CertificateTest.EmptySubject unit test. Original code review URL: http://codereview.chromium.org/6656015 R=rsleevi BUG=63988 TEST=none Review URL: http://codereview.chromium.org/6665019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77768 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Linux: fix net_unittests failures on Gentoo Linux tlslite does some autodetection which when m2crypto is installed and importable is more strict when parsing certificate files. This CL makes our certificate files acceptable by both the more strict and more lenient versions of code used by tlslite. Swap the certificate and private key in [ok|expired]_cert.pem, so that s.startswith() will return true for OpenSSL_RSAKey. tlslite.X509 uses s.find() to locate the BEGIN CERTIFICATE, so it should be unaffected. For more info see http://groups.google.com/a/chromium.org/group/chromium-dev/browse_thread/thread/903f65ad685da9b2# Review URL: http://codereview.chromium.org/6814045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81218 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add two client certificates for use with unit tests The first is a FOAF.ME cert generated for this purpose. The second is one of my expired MIT certificates. R=wtc BUG=50980 TEST=none Review URL: http://codereview.chromium.org/2836082 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54650 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Added EV policy OID and root sha1 fingerprint for GlobalSign Root CA - R3 BUG=58437 TEST=go to <https://2029.globalsign.com> and verify the EV status Unit Test (This test has been DISABLED because it fails when "./netunittests" is run, though it passes individually.): "net_unittests --gtest_filter=X509CertificateTest.GlobalSignR3EVTest" Review URL: http://codereview.chromium.org/7037031 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@86632 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Check cert->isRoot to skip extraneous root certificates in certificate chains. NSS bug 721288 causes CERT_PKIXVerifyCert to continue extending the certificate chain after it has reached a root certificate. Detect that bug and ignore such extraneous root certificates in certificate chains when checking for weak signature algorithms. R=rsleevi@chromium.org BUG=108514 TEST=a new unit test (to be added) that uses the certificate chain sent by https://images.etrade.wallst.com/ during SSL handshake. Review URL: http://codereview.chromium.org/9271060 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119595 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Check cert->isRoot to skip extraneous root certificates in certificate chains. NSS bug 721288 causes CERT_PKIXVerifyCert to continue extending the certificate chain after it has reached a root certificate. Detect that bug and ignore such extraneous root certificates in certificate chains when checking for weak signature algorithms. R=rsleevi@chromium.org BUG=108514 TEST=a new unit test (to be added) that uses the certificate chain sent by https://images.etrade.wallst.com/ during SSL handshake. Review URL: http://codereview.chromium.org/9271060 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119595 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Fix a benign off-by-one error of kNumSerials in IsBlacklisted. Remove duplicate certificate data in google_diginotar.pem and diginotar_public_ca_2025.pem. R=agl@chromium.org BUG=94673 TEST=none Review URL: http://codereview.chromium.org/7792077 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@99494 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
net: add a test for X509Certificate integration with CRLSet. It's #ifdef'ed USE_NSS for now because we don't yet have implementations for Windows and OS X. BUG=none TEST=net_unittests Review URL: http://codereview.chromium.org/9152011 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@117223 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Check cert->isRoot to skip extraneous root certificates in certificate chains. NSS bug 721288 causes CERT_PKIXVerifyCert to continue extending the certificate chain after it has reached a root certificate. Detect that bug and ignore such extraneous root certificates in certificate chains when checking for weak signature algorithms. R=rsleevi@chromium.org BUG=108514 TEST=a new unit test (to be added) that uses the certificate chain sent by https://images.etrade.wallst.com/ during SSL handshake. Review URL: http://codereview.chromium.org/9271060 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@119595 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add the invalid_key_usage_cert.der certificate for the upcoming X509CertificateTest.InvalidKeyUsage unit test. Original code review URL: http://codereview.chromium.org/6626033 TBR=rsleevi BUG=70293 TEST=none Review URL: http://codereview.chromium.org/6658007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@77515 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Add two client certificates for use with unit tests The first is a FOAF.ME cert generated for this purpose. The second is one of my expired MIT certificates. R=wtc BUG=50980 TEST=none Review URL: http://codereview.chromium.org/2836082 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@54650 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Parse individual X.509 name components on Windows, rather than parsing the stringified form On Windows, rather than converting the entire certificate name to a string and attempting to parse out the components and values, iterate through the relativeDistinguishedName and AttributeTypeAndValue pairs to extract each name component. This is to ensure that: 1) When multiple AVAs are present in an RDN, ALL AVAs are parsed. 2) When converting an AVA to a string, no extra escaping is applied. This also fixes domainComponent parsing on OS X, so that unittests with a domainComponent can pass. BUG=101009, 102839 TEST=net_unittests:X509CertificateTest has two new regression tests. Additionally, sample a variety of SSL sites and ensure no regressions, paying attention to internationalized domains. Review URL: http://codereview.chromium.org/8608003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112650 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
If the version field is omitted from the certificate, the default value is v1(0). R=mattm@chromium.org BUG=110132 TEST=unit_tests --gtest_filter=X509CertificateModelTest.GetVersionOmitted Review URL: https://chromiumcodereview.appspot.com/10391197 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@138005 0039d316-1c4b-4281-b951-d872f2087c98 | 13 年前 | |
Revert 127988 - net: update certificates for TestKnownRoot and PublicKeyHashes. This CL seems to have broken the Win & Win Aura builds. I reused the Comodo certificate since it's valid for > year and it's the last one that I touched. BUG=111893 TEST=net_unittests TBR=agl@chromium.org Review URL: https://chromiumcodereview.appspot.com/9815015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127993 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Revert "Revert "Revert "Revert "net: add OCSP tests."""" (First landed in r127486, reverted in r127493 because it broke on Windows XP, relanded in r127518 and reverted in r127520 because Android got upset about an unused function.) I was getting increasingly unhappy altering EV and revocation checking semantics without any tests. We historically haven't had tests because online revocation checking is inherently flaky so I amended testserver with the minimum code to be able to sign and vend OCSP responses. These tests do not test the final EV/CRLSet/revocation checking semantics. They are intended to be altered in future CLs. BUG=none TEST=net_unittests https://chromiumcodereview.appspot.com/9663017/ git-svn-id: svn://svn.chromium.org/chrome/trunk/src@127680 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Linux: fix net_unittests failures on Gentoo Linux tlslite does some autodetection which when m2crypto is installed and importable is more strict when parsing certificate files. This CL makes our certificate files acceptable by both the more strict and more lenient versions of code used by tlslite. Swap the certificate and private key in [ok|expired]_cert.pem, so that s.startswith() will return true for OpenSSL_RSAKey. tlslite.X509 uses s.find() to locate the BEGIN CERTIFICATE, so it should be unaffected. For more info see http://groups.google.com/a/chromium.org/group/chromium-dev/browse_thread/thread/903f65ad685da9b2# Review URL: http://codereview.chromium.org/6814045 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@81218 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Reject certificate chains containing small RSA and DSA keys. "Small" means less than 1024 bits. BUG=102949 TEST=net_unittests, X509CertificateTest.* Review URL: http://codereview.chromium.org/8568040 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114709 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add test self-signed cert for http://codereview.chromium.org/3576016/show. BUG=19991 TEST=none Review URL: http://codereview.chromium.org/3548018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@61732 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Provide the certificate chain as validated to SSLInfo. Previously, SSLInfo was given the cert chain as served by the server. It is more useful and correct to provide higher layers the cert chain as validated. BUG=77757, 87303, 115312 TEST=net_unittests SSLClientSocketTest.VerifyReturnChainProperlyOrdered Review URL: http://codereview.chromium.org/9442001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124804 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Provide the certificate chain as validated to SSLInfo. Previously, SSLInfo was given the cert chain as served by the server. It is more useful and correct to provide higher layers the cert chain as validated. BUG=77757, 87303, 115312 TEST=net_unittests SSLClientSocketTest.VerifyReturnChainProperlyOrdered Review URL: http://codereview.chromium.org/9442001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124804 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Provide the certificate chain as validated to SSLInfo. Previously, SSLInfo was given the cert chain as served by the server. It is more useful and correct to provide higher layers the cert chain as validated. BUG=77757, 87303, 115312 TEST=net_unittests SSLClientSocketTest.VerifyReturnChainProperlyOrdered Review URL: http://codereview.chromium.org/9442001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@124804 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Revert 69356 - Regenerate the root certificate and end-entity certificates used for various tests in net_unittests, now that Windows can temporarily trust certificates for the duration of tests. In addition, add unittests for net::TestRootCerts, which depend on the certs being tested not being trusted by the system beforehand. BUG=8470, 5552 TEST=TestRootCertsTest.* Review URL: http://codereview.chromium.org/5535006 TBR=rsleevi@chromium.org git-svn-id: svn://svn.chromium.org/chrome/trunk/src@69363 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Fix the "certificate is not yet valid" error for server certificates issued by a VeriSign intermediate CA. Change the CertVerifier cache to identify a certificate chain by the hash of the entire chain rather than just the server certificate. This requires adding X509Certificate::chain_fingerprint(), and the X509Certificate::CalculateChainFingerprint() method to compute the chain fingerprint. R=agl@chromium.org,rsleevi@chromium.org BUG=101555 TEST=X509CertificateTest.ChainFingerprints and CertVerifierTest.DifferentCACerts in net_unittests Review URL: http://codereview.chromium.org/8400075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107888 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
* Change logic of SpdySession::VerifyDomainAuthentication to permit connection pooling of hosts with the same etld when TLS channel ID is used. * Add tests for SpdySession::VerifyDomainAuthentication * Add a new certificate for testing SpdySession::VerifyDomainAuthentication BUG= Review URL: https://chromiumcodereview.appspot.com/10916275 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@156461 0039d316-1c4b-4281-b951-d872f2087c98 | 13 年前 | |
Properly parse IPv6 subjectAltNames when USE_OPENSSL is set BUG=121153 TEST=X509CertificateTest.ParseSubjectAltName R=agl@chromium.org Review URL: https://chromiumcodereview.appspot.com/9950065 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@130663 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Recommit fraudulent certificate reporting infrastructure. BUG=99185 Review URL: http://codereview.chromium.org/8302019 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@105643 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add support for parsing certificate formats other than raw, DER-encoded certificates - specifically formats that represent collections of certificates. The certificate format can now be specified as an explicit format, or as a bit-mask of formats that are acceptable/expected, with the first parsable format winning. This is one half of a commit to address BUG #37142, with the second half involving connecting this through the X509UserCertHandler and the actual UI. R=wtc BUG=37142 TEST=X509CertificateParseTest* and PEMTokenizerTest.* Review URL: http://codereview.chromium.org/2819018 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@53298 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Parse individual X.509 name components on Windows, rather than parsing the stringified form On Windows, rather than converting the entire certificate name to a string and attempting to parse out the components and values, iterate through the relativeDistinguishedName and AttributeTypeAndValue pairs to extract each name component. This is to ensure that: 1) When multiple AVAs are present in an RDN, ALL AVAs are parsed. 2) When converting an AVA to a string, no extra escaping is applied. This also fixes domainComponent parsing on OS X, so that unittests with a domainComponent can pass. BUG=101009, 102839 TEST=net_unittests:X509CertificateTest has two new regression tests. Additionally, sample a variety of SSL sites and ensure no regressions, paying attention to internationalized domains. Review URL: http://codereview.chromium.org/8608003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@112650 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Test files containing a self-signed certificate and private key Test files used by SSLServerSocktNSS BUG=None TEST=None Review URL: http://codereview.chromium.org/6065006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70025 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Really add test Origin Bound Certificate data for http://codereview.chromium.org/8890073/ (Failed to add by commit queue in r114525) BUG=107047 TEST=none TBR=wtc@chromium.org Review URL: http://codereview.chromium.org/8976007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114750 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Really add test Origin Bound Certificate data for http://codereview.chromium.org/8890073/ (Failed to add by commit queue in r114525) BUG=107047 TEST=none TBR=wtc@chromium.org Review URL: http://codereview.chromium.org/8976007 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@114750 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Test files containing a self-signed certificate and private key Test files used by SSLServerSocktNSS BUG=None TEST=None Review URL: http://codereview.chromium.org/6065006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@70025 0039d316-1c4b-4281-b951-d872f2087c98 | 15 年前 | |
Fix the "certificate is not yet valid" error for server certificates issued by a VeriSign intermediate CA. Change the CertVerifier cache to identify a certificate chain by the hash of the entire chain rather than just the server certificate. This requires adding X509Certificate::chain_fingerprint(), and the X509Certificate::CalculateChainFingerprint() method to compute the chain fingerprint. R=agl@chromium.org,rsleevi@chromium.org BUG=101555 TEST=X509CertificateTest.ChainFingerprints and CertVerifierTest.DifferentCACerts in net_unittests Review URL: http://codereview.chromium.org/8400075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107888 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Fix the "certificate is not yet valid" error for server certificates issued by a VeriSign intermediate CA. Change the CertVerifier cache to identify a certificate chain by the hash of the entire chain rather than just the server certificate. This requires adding X509Certificate::chain_fingerprint(), and the X509Certificate::CalculateChainFingerprint() method to compute the chain fingerprint. R=agl@chromium.org,rsleevi@chromium.org BUG=101555 TEST=X509CertificateTest.ChainFingerprints and CertVerifierTest.DifferentCACerts in net_unittests Review URL: http://codereview.chromium.org/8400075 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@107888 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add unittests for the detection of md[2,4,5] when verifying certificates BUG=101123 TEST=net_unittests:X509CertificateWeakDigestTest.* Review URL: http://codereview.chromium.org/8391036 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108074 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 | |
Add a certificate chain to be used by a new unit test. R=eroman BUG=31497 TEST=none Review URL: http://codereview.chromium.org/1069001 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@41900 0039d316-1c4b-4281-b951-d872f2087c98 | 16 年前 | |
Return the constructed certificate chain in X509Certificate::Verify() BUG=65540 TEST=net_unittests --gtest_filter=X509CertificateTest.VerifyReturn* Review URL: http://codereview.chromium.org/6874039 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@94832 0039d316-1c4b-4281-b951-d872f2087c98 | 14 年前 |